Change SHARED function to use a safe traversal when modifying a variable

When the SHARED function modifies a variable, it removes it from its list of variables and reinserts the new value at the head of the list of variables. Doing this inside a standard list traversal can be dangerous, as the standard list traversal does not account for the list being changed. While the code in question should not cause a use after free violation due to its breaking out of the loop after freeing the variable, it could lead to a maintenance issue if the loop was modified. This also fixes a violation reported by a static analysis tool, which also makes this code easier to maintain in the future. ........ Merged revisions 361657 from http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged revisions 361658 from http://svn.asterisk.org/svn/asterisk/branches/10 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@361659 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2012-04-09 19:44:35 +00:00 · 2012-04-09 19:44:35 +00:00 · f4fd1b2fb0
parent 90226b6fd7
commit f4fd1b2fb0
1 changed files with 3 additions and 2 deletions
--- a/funcs/func_global.c
+++ b/funcs/func_global.c
@ -243,14 +243,15 @@ static int shared_write(struct ast_channel *chan, const char *cmd, char *data, c
 	varshead = varstore->data;

 	/* Protected by the channel lock */
-	AST_LIST_TRAVERSE(varshead, var, entries) {
+	AST_LIST_TRAVERSE_SAFE_BEGIN(varshead, var, entries) {
 		/* If there's a previous value, remove it */
 		if (!strcmp(args.var, ast_var_name(var))) {
-			AST_LIST_REMOVE(varshead, var, entries);
+			AST_LIST_REMOVE_CURRENT(entries);
 			ast_var_delete(var);
 			break;
 		}
 	}
+	AST_LIST_TRAVERSE_SAFE_END;

 	var = ast_var_assign(args.var, S_OR(value, ""));
 	AST_LIST_INSERT_HEAD(varshead, var, entries);